dependency-check-suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
   file name: h2-2.1.214.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
        <vulnerabilityName>CVE-2022-45868</vulnerabilityName>
        <vulnerabilityName>CVE-2018-14335</vulnerabilityName>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: dependency-check-utils-7.4.4.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.owasp/dependency\-check\-utils@.*$</packageUrl>
        <cpe>cpe:/a:utils_project:utils</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: snakeyaml-1.33.jar
   False-positive for jackson-dataformats-text: https://github.com/FasterXML/jackson-dataformats-text/issues/361
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@1.33$</packageUrl>
        <vulnerabilityName>CVE-2022-1471</vulnerabilityName>
        <vulnerabilityName>CVE-2022-3064</vulnerabilityName>
        <vulnerabilityName>CVE-2021-4235</vulnerabilityName>
    </suppress>
    <suppress>
        <notes><![CDATA[
        suppress various improper matches to the CPE that belongs only to pkg:maven/org.json/json
        ]]></notes>
        <packageUrl regex="true">^(?!pkg:maven/org\.json/json@).+$</packageUrl>
        <cpe>cpe:/a:json-java_project:json-java</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: guava-31.1-jre.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
        <vulnerabilityName>CVE-2020-8908</vulnerabilityName>
    </suppress>
</suppressions>